apache
2,904 tracked vulnerabilities.
CVE-2019-0190
HIGH
Apache HTTP Server 2.4.37 - Denial of Service via mod_ssl Client Renegotiation
Jan 30, 2019
CVSS 7.5
EPSS 0.17
CVE-2018-9481
MEDIUM
Android - Remote Information Disclosure via Integer Overflow in bta_hd_set_report_act
Nov 20, 2024
CVSS 6.5
EPSS 0.00
CVE-2018-11764
HIGH
Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, 3.0.0 - Authenticated User Impersonation via Broken Web Endpoint Authentication
Oct 21, 2020
CVSS 8.8
EPSS 0.00
CVE-2018-20243
HIGH
Apache Fineract 1.0.0-1.2.9 - Credential Exposure via URL Parameters
Oct 13, 2020
CVSS 7.5
EPSS 0.01
CVE-2018-11765
HIGH
Apache Hadoop 2.8.0-2.8.5, 2.9.0-2.9.2, 3.0.0-alpha2-3.0.0 - Unauthenticated Servlet Access via Kerberos Bypass
Sep 30, 2020
CVSS 7.5
EPSS 0.01
CVE-2018-21234
CRITICAL
jodd < 5.0.4 - Deserialization of Untrusted Data via JSON setClassMetadataName
May 21, 2020
CVSS 9.8
EPSS 0.25
CVE-2018-1285
CRITICAL
Apache log4net < 2.0.10 - XML External Entity Injection in Configuration Parser
May 11, 2020
CVSS 9.8
EPSS 0.66
CVE-2018-11802
MEDIUM
Apache Solr < 6.6.6 and 7.0.0-7.7.0 - Incorrect Authorization via Collection Proxy Request
Apr 01, 2020
CVSS 4.3
EPSS 0.00
CVE-2018-1311
HIGH
Apache Xerces-C++ 3.0.0-3.2.3 - Use-After-Free in External DTD Scanning
Dec 18, 2019
CVSS 8.1
EPSS 0.04
CVE-2018-11805
MEDIUM
Apache SpamAssassin <3.4.3 - Code Injection
Dec 12, 2019
CVSS 6.7
EPSS 0.00
CVE-2018-11768
HIGH
Apache Hadoop 2.0.0-2.9.1, 3.0.0-3.0.3, 3.1.0-3.1.1 - Memory Corruption
Oct 04, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-11782
MEDIUM
Apache Subversion <= 1.9.10, 1.10.4, 1.12.0 - Denial of Service via Read-Only Request
Sep 26, 2019
CVSS 6.5
EPSS 0.01
CVE-2018-17200
CRITICAL
Apache OFBiz 16.11.01-16.11.05 - Remote Code Execution via XStream Deserialization in HTTP Service Endpoint
Sep 11, 2019
CVSS 9.8
EPSS 0.02
CVE-2018-11774
HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection
Jul 29, 2019
CVSS 7.2
EPSS 0.00
CVE-2018-11773
CRITICAL
Apache Virtual Computing Lab 2.1-2.5 - Improper Input Validation via Block Allocation Form
Jul 29, 2019
CVSS 9.8
EPSS 0.01
CVE-2018-11772
HIGH
Apache Virtual Computing Lab 2.1-2.5 - Authenticated SQL Injection via Privilege Tree Cookie
Jul 29, 2019
CVSS 7.2
EPSS 0.00
CVE-2018-11779
CRITICAL
Apache Storm 1.1.0-1.2.2 - Deserialization of Untrusted Data via Storm UI Daemon
Jul 26, 2019
CVSS 9.8
EPSS 0.01
CVE-2018-17196
HIGH
Apache Kafka 0.11.0.0-2.1.0 - Authenticated ACL Bypass via Crafted Produce Request
Jul 11, 2019
CVSS 8.8
EPSS 0.00
CVE-2018-11801
CRITICAL
Apache Fineract <1.3.0 - SQL Injection
Jun 11, 2019
CVSS 9.8
EPSS 0.03
CVE-2018-11800
CRITICAL
Apache Fineract <1.3.0 - SQL Injection
Jun 11, 2019
CVSS 9.8
EPSS 0.03
CVE-2018-8029
HIGH
Apache Hadoop <3.1.0, <2.9.1, <2.8.4 - Privilege Escalation
May 30, 2019
CVSS 8.8
EPSS 0.01
CVE-2018-17198
CRITICAL
Apache Roller < 5.1.2 - Server-Side Request Forgery via XML-RPC External Entity Processing
May 28, 2019
CVSS 9.8
EPSS 0.01
CVE-2018-17202
HIGH
Apache Commons Imaging and Sanselan - Denial of Service via Infinite Loop in Image Parsing
May 06, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-17201
HIGH
Apache Commons Imaging and Sanselan - Denial of Service via Malicious Image Parsing
May 06, 2019
CVSS 7.5
EPSS 0.03
CVE-2018-8035
MEDIUM
Apache UIMA DUCC <= 2.2.2 - Stored Cross-Site Scripting
May 01, 2019
CVSS 6.1
EPSS 0.04
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20